DickBlog - Not much original comment, but lots of great resources - Security/Viruses/Hoaxes and Scams

Self-signing your secure certificate - SSL for free

Mon, 05 Mar 2007 09:54:00 +0100

Here's how to do it or, for IIS6, you can get Microsoft to do the work with their SelfSSL tool from the IIS Resource Kit. Barney has a posting on an issue with Apache and OSX.

OpenID

Mon, 05 Mar 2007 09:48:00 +0100

OpenID is an open, decentralized, free framework for user-centric digital identity. Nice idea, now where can I use it... Here's some more resources...

Windows Password Cracker

Fri, 09 Feb 2007 15:00:00 +0100

Ophcrack is a Windows password cracker based on rainbow tables. It is a very efficient implementation of rainbow tables done by the inventors of the method. It comes with a GTK+ Graphical User Interface and runs on Windows, Mac OS X (Intel CPU) as well as on Linux.

SQL Injection Attacks by Example

Mon, 12 Jun 2006 13:58:00 +0100

If you have developed a web application with a database back-end, you should check out this article titled SQL Injection Attacks by Example. It clearly explains what a SQL injection attack is and shows you how defend against such attacks.

Cross Site Scripting (XSS)

Wed, 26 Apr 2006 10:32:00 +0100

After a little investigation I think you shouldn't try to strip out any HTML from a users input, within reason, but to bracket the output of all their input with HTMLEditFormat(). That way any sillyness will be displayed in all it's glory! This of course is in addition to adding to your Application.cfc or the scriptprotect attribute of the cfapplication tag in CFMX 7. This is preferred over blindly checking the "Enable Global Script Protection" checkbox in the Administrator as it gives more flexibility. See Pete Freitag's blog for more info. Also there's a good article on SysCon. Plus a good faq at http://www.cgisecurity.com/articles/xss-faq.shtml

Security Presentation

Mon, 24 Apr 2006 15:03:00 +0100

Here's a great web security presentation by Mike Andrews. Jump to minutes 25, 40 and 55.

Securing the Admin Directory

Mon, 25 Jul 2005 17:59:00 +0100

Ray Camden has started some more security chatter!

Secure Password

Thu, 21 Jul 2005 13:57:00 +0100

Is your password secure? Check it out here!

Google Hacking Database

Thu, 17 Feb 2005 09:59:00 +0100

Make sure you're not listed on this site of exposed websites found by a Google hack.

Windows Security Tools

Wed, 26 Jan 2005 10:27:00 +0100

Windows Security Tools

Preventing Comment Spam

Wed, 19 Jan 2005 09:18:00 +0100

Google and others have got together to screen out spam in blog comments by adding the rel="nofollow" attribute. See here...

http://www.google.com/googleblog/2005/01/preventing-comment-spam.html

Common Security Vulnerabilities in e-Commerce Systems

Thu, 07 Oct 2004 00:00:00 +0100

SecurityFocus has a good article on the most common forms of security vulnerabilities for e-commerce systems, but I think that a lot of web apps may be vulnerable to some of these as well (think sql injection, session hijacking, and so forth).

The forecast of results of matches on Euro-2004

Mon, 10 May 2004 00:00:00 +0100

I certainly seem to attract some weird get-rich-quick scams!

===============================================

In January, 2001 the group of the Russian mathematicians had been started work on gathering statistical given European soccer teams. The huge database of all official and companionable matches between the European teams has been created. For 3 years of work the empirical law, which allows define result of a match between soccer teams from Europe, with probability of 95 % has been found. The given law takes into account place of carrying out of a match and set of other factors, which influence result of a match. I took part in this project. The received results have proved to be true in practice. Now I have an opportunity to send you the forecast for any five matches of the championship of Europe 2004 in Portugal. You can make rates on a tote and receive compensation. The forecast for three matches costs 300 euros. To receive the forecast to you it is necessary to transfer 300 euros to the account web money WMExxxxxxx and to write the letter on the electronic address xxxxxxxxxxxx@yahoo.com in which you specify matches interesting you. The answer will be sent on your return address. You can familiarize with system web money on http://www.wmtransfer.com/.

I wish you success on Euro-2004.

===============================================

Links and email addresses changed to protect the guilty.

Another PayPal Scam

Mon, 26 Apr 2004 00:00:00 +0100

Got the following email today

This is the first time I've had this one. I like the ColdFusion quote. That got me interested for a while! After having a quick Google I've found that this scam seems quite popular, but with different companies named, like:

Carex Pharmaceuticals Corporation
Insta-Pro International Corporation

===============================================

From: "Leonard"
Date: Mon, 26 Apr 2004 00:16:48 +0000
To: "Billy"
Subject: Have a Paypal Account? Want to Make SERIOUS Money With It?

Dear Sir or Madam,

Do you have a Paypal account and want to earn a SIGNIFICANT amount of money by doing practically NOTHING? If you do, then this is your opportunity to start a business relationship with an international graphics supply company "Mentor Graphics Corporation". Mentor Graphics Corporation is NOT a marketing company; there is NOTHING to buy and NOTHING to sign up for, and most importantly, NO WORK is required on your part in order to collect large quantities of cash within a 1-24 hours of receiving this message. Our company located in Europe (United Kingdom). We have many clients who work with us and buy our products. We need YOU because we have many branches in USA and Europe. Right now we need people who have verified PayPal accounts.

Our company gives you first time an opportunity to earn 20 % from all translations that will go trough your account in paypal. After next transactions you will receive 25% as a Gold member. After receiving money on your PayPal account, you will have to send 80% to our manager to Europe through Western Union.

Here are the requirements:

1. You must have verified PayPal account.
2. You have to tell us your full name, real telephone number, your e-mail registered in PayPal and when you're ready to work with our company just send an e-mail to "[DickBlog: address removed]"

This is your chance to try yourself in your new money making program. You will see the result in 24 hours after sending your information to our email "[DickBlog: address removed]"

AAout Mentor Graphics.

Mentor Graphics Corporation is a world leader in electronic hardware and software design solutions, providing products, consulting services and award-winning support for the world's most successful electronics and semiconductor companies. Established in 1981, Mentor Graphics reported revenues over the last 12 months of more than $600 million and employs approximately 3,100 people worldwide. Mentor Graphics Corporation offers a variety of services when it comes to website design. Our highly experienced staff can create anything from a simple website used for advertising to a highly technical website with a store or catalog to be updated regularly, or even your own chat room. We are especially strong in database interfacing using Cold Fusion and iHTML.

Roger Arpino
Mentor Graphics Corporation,
Executive Officer

===============================================

Open Web Application Security Project (OWASP)

Fri, 23 Apr 2004 00:00:00 +0100

"OWASP was started in September 2000 with its mission to create an open source community where people could advance their knowledge about web application and web services security issues by either contributing their knowledge to the education of others or by learning about the topic from documentation and software produced by the project."

Lots of useful stuff here. Especially their guide. Worth reading and keeping in contact with.

There is a online version of the document. I think the choice chapters are: